
In re Appln. of: Nk Srinivas 
Application No.: 09/602,431 

REMARKS 

Claims 1-20 are pending in this application. Claims 2-5, 7, and 11-20 are allowed over 
the prior art of record. Claims 1, 6, and 8-10 stand rejected, and are at issue herein. 

The Applicant wishes to thank the Examiner for consideration and examination of the 
claims of this application. The Applicant acknowledges the Examiner's indication of the 
allowability of claims 2-5, 7, and 11-20 over the prior art of record. However, the Applicant 
respectfully traverses the Examiner's statement in paragraph 3.1 of the Official Action to the 
extent that it differs from a mere restatement of the claim language. The Applicant further 
respectfully traverses the Examiner's statement and reasoning insofar as they would lead to or 
suggest, if at all, an interpretation of the claimed invention different from the full extent of claim 
scope afforded thereto by the established law and in the absence of the statement in paragraph 
3.1. 

The Examiner has rejected claims 1, 6, and 8-10 under 35 U.S.C. § 102(a) as being 
anticipated by Denker (U.S. Patent No. 5,958,053). The Applicant wishes to maintain his 
traversal of this ground of rejection stated in the previous response, but has made a clarifying 
amendment to independent claim 1 that should make clear the inherent distinction argued 
previously that allocation of a small TCB requires allocation of memory resources. 
Reconsideration of this ground of rejection and indication of the allowance of claims 1, 6, and 8- 
10 at an early date in view of the foregoing amendment and the following remarks are 
respectfully solicited. 

Independent claim 1 as amended, from which each of the rejected claims depend, 
requires inter alia "allocating a small TCP control block (TCB) in memory to service a TCP/IP 
three-way handshake." As is well-known in the art and as is specifically recognized in the 
Denker '053 reference, the allocation of a TCB utilizes memory resources. Indeed, Denker '053 
states that a server typically allocates "in memory a full blown transmission control block after 
receiving a SYN message to store all the required information for the connection with the 
expectation that the incipient connection will soon become a fully established connection." 
Denker '053, column 2, lines 60-67. However, Denker '053 also recognizes that other resources 
are allocated for an incipient connection, to wit computation and communication resources. As 
such, Denker '053 states that "it is desirable to find a defense where the server commits only 
proportional amounts of resources [as the attacking client], namely modest computation, modest 
communication, and, if at all possible, zero memory." Denker '053, col. 3, ln. 18-25 (emphasis 
added). 

The Examiner has cited to col. 4, ln. 48-52 for the proposition that Denker '053 allocates 
a small TCB as required by claim 1. However, this cited section actually refers to the allocation 
of "minimal resources" in response to the receipt of a SYN packet. As will be discussed in detail 
below, the Applicant respectfully submits that these "minimal resources" actually refer to the 
"modest computation, modest communication, and, if at all possible, zero memory" discussed as 
a desire of the invention. Since claim 1 now explicitly recites that the allocation of the small 
TCB is "in memory," the Applicant respectfully submits that this claim and those dependent 
thereon cannot be anticipated by the system of Denker '053. 

While independent claim 1 requires the allocation of a small TCB in memory to service 
the TCP/IP three-way handshake, the protocols of Denker '053 specifically require that no 
memory resources be allocated for the incipient connection. Specifically, Denker '053, column 
7, lines 31-36 specifies "after receiving the SYN message of step 1020C, server 110 performs 
only the minimal communication and computation, and allocates no memory resources for the 
incipient connection." (emphasis added). Denker '053 continues in column 9, lines 37-42, "as 
compared to TCP, TCP2B provides an improved defense against SYN flooding because server 
100 (under TCP2B) does not allocate any memory resources for the connection until server 110 
determines that the message of step 3040C passes the appropriate mathematical (i.e., 
cryptologic) test." (emphasis added). As is clear from these quoted sections from Denker '053, 
the TCP2B protocol described in this reference specifically requires that no memory resources 
be allocated until after the connection is validated contrary to the requirement of claim 1. 

Denker '053 also describes a second protocol, TCP2E, that utilizes a Friends Table to 
determine whether or not a connection request should be completed. However, in this second 
protocol, Denker '053 also requires that no memory resources be allocated until the connection is 
determined to be valid. Specifically, Denker, column 12, lines 29-34, states "at step 215 of FIG. 
7 (after server 110 determines that the client's address is not on the server's Friends Table), server 
110 performs only the minimal communication and computation, and allocates no memory 
resources for the requested connection." (emphasis added). Denker '053 continues at lines 52-57 
"at this point server 110 need not allocate memory to store its acknowledgement number $c, 
client 105's IP address or port, client 105's initial sequence number (400 in step 1020E of FIG. 
6), client 105's window size, client 105's requested options, or other information regarding the 
requested connection." (emphasis added). In summary, Denker '053 states in column 15, lines 
23-27 "the TCP2E protocol offers a greatly improved defense to a SYN flood attack as compared 
to TCP because a transmission control block will not be allocated upon receipt of a SYN 
message unless the client's address is on the server's Friends Table." 

In addition to these two first-level protocols, Denker '053 also describes a second- 
level protocol that operates to determine which of the two first-level protocols should be 
used. However, this second-level protocol operates under standard TCP until it determines 
that the server is under an SYN flood attack. Specifically, Denker '053 explains, beginning 
in column 15, line 66 and continuing to column 16, line 5 "If at step 310 of FIG. 8, server 
110 determines that it is not under attack (i.e., the above described ratio is not below the 
threshold), then server 110 implements standard TCP, with no defense measures. In other 
words, server 110 can allocate computational resources, communication resources, and a full 
transmission control block in response to receiving each request for a TCP connection (SYN 
message)." This operation is clearly contrary to the system and method of the present 
invention, and in fact allows the server to come under a SYN flood attack until a certain 
threshold is exceeded. Once the threshold is exceeded, the second-level protocol operates to 
determine whether TCP2B or TCP2E should be implemented. However, as described above, 
each of these two first-level protocols requires that no memory resources be allocated until 
the connection request is verified. As such, the Applicant respectfully submits that Denker 
'053 cannot anticipate independent claim 1 which requires the step of allocating a small TCP 
control block (TCB) to service a TCP/IP three-way handshake. Reconsideration of this 
ground of rejection of independent claim 1, and dependent claims 6 and 8-10 are therefore 
respectfully solicited. 

As the foregoing and an analysis of Denker '053 make clear, the "minimal resources" 
that are allocated in response to a SYN message cannot include any "memory resources." 
This is directly supported by Denker '053's statement in col. 3, ln. 18-25 that the "resources" 
allocated in response to a SYN message should be proportional to the resources invested by 
the attacking client, "namely modest computational, modest communication, and, if at all 
possible, zero memory." As the quoted portions of the Detailed Description discussed above 
illustrate, the system of Denker '053 has made it possible to allocate "zero memory". Since 
the small TCB is allocated in memory as claimed by claim 1, Denker '053 cannot anticipate 
this claim, or those dependent thereon, as they do require the allocation of memory resources 
for the small TCB. 

In view of the above the Applicant respectfully submits that claims 1-20 are in condition 
for allowance, claims 2-5, 7, and 11-20 having previously been indicated as being allowable over 
the prior art of record. Reconsideration of this application and indication of the allowability of 
claims 1-20 at an early date are respectfully solicited. 

If the Examiner believes that a telephonic conversation will aid in the resolution of any 
issues not resolved herein, the Examiner is invited to contact the Applicant's attorney at the 
telephone number listed below. 




Date: January 14, 2004 